The Government Accountability Office said most of the 24 major federal agencies have yet to establish guidance on service-level agreements, or SLAs, with cloud providers.
A review of the compliance with the Office of Management and Budget’s five key cloud procurement requirements also found that one-third of the agencies did not have guidance to ensure continuous visibility in systems that process high-value information or serve a critical function in maintaining the security of the civilian enterprise, according to a GAO report released on Friday.
The OMB established the procurement requirements in 2019 under its Cloud Smart Strategy as agencies shift their IT services to cloud services.
Agency officials said guidance had not been developed because they had used SLAs provided by the cloud service providers, relied on standard acquisition practices and included the procurement requirement in their contracts, among other reasons.
GAO said the CIO Council could collect and share examples of guidance on cloud SLAs and contract language from agencies that have met the OMB requirements to help other organizations improve cloud service procurement activities.
The government watchdog also made 46 recommendations to 18 agencies, including the Departments of Agriculture and Commerce, to develop or update guidance related to OMB’s Cloud Smart procurement requirements.